User:Mrfaber/X1C6 Arch Guide
Topics TODO
- Full disk encryption with LUKS and systemd-askpass
- Custom initramfs(needed modules/hooks, pros and cons for a minimal initrd, speed measurements)
- Power management, graphics performance, TLP
- Touchpad, trackpoint config, including udev hwdb, smooth scrolling for apps(Firefox)
- Controlling LEDs
- NetworkManager privacy functions, choosing DNS resolver, configuring systemd-resolved, DNS over TLS
- Pacman hooks for kernel updates
- Secure Boot, Keytool, sbsign
- Boot performance tweaks
- Optimal UEFI configuration
- Custom UEFI logo at boot, preparing and flashing UEFI updates to USB flash disks
- Setting up fwupd/LVFS
- Using EFISTUB, setting efivars via efibootmgr, creating a systemd-boot fallback
- Setting early splash screen via fbv instead of plymouth
- thinkpad_acpi and Thinkpad-specific tweaks, charge thresholds
- Setting up sudo
- Configuring systemd, journald, logind autologin
- Configuring ssd optimizations, issuing fstrim regularly
- Setting up gnome-shell, gdm3, gnome-shell extensions
- Setting gnome/gtk options in dconf, gnome-tweak-tool
- Keeping the system with all its components updated
- Keeping configuration files in sync
- System housekeeping (pacman hooks, cleaning caches, trash)
- Automation (benjaminoakes/maid, ansible)
- Backups (borg, important key files, LUKS headers)
Extra
TPM
- Using TPM 2.0 As a Secure Keystore on your Laptop - It's not as difficult as you think!
- tpm-luks LUKS support for storing keys in TPM NVRAM
- mkinitcpio-tpm-encrypt mkinitcpio hook that decrypts a TPM-sealed LUKS keyfile
- IBM Software TPM 2.0, Software TSS
- mkinitcpio-antievilmaid This mkinitcpio hook allows for Anti Evil Maid support for devices with a TPM on Arch Linux[...] (Uses trousers/TPM 1.2)
Secure boot
- sbtools Helpers for generating signed Arch Linux kernels for Secure Boot. And pacman hook for auto-generation.